The Account Settings Section of the AP Investment Platform API documentation provides detailed information on managing user account settings within the platform. This section is divided into the following key areas:
The Account Settings Section allows users to view their basic information and change their account password. This section provides endpoints to retrieve user information and update account passwords.
Once the page is accessed, data is fetched from the /api:fH8MNGPq:v1/user/get_data endpoint to display the user's basic information. The endpoint runs the App\Http\Controllers\AccountSettings@getData method to retrieve user data.
{
"id": 0123,
"firstname": "Sam",
"lastname": "Uzima",
"email": "[email protected]",
"google_oauth": {
"id": "",
"name": "",
"email": ""
},
"login": {
"type": "email",
"stage": "investor",
"last_login": "2024-05-31"
},
"dob": "30/08/2003",
"kyc": {
"type": "NATIONAL_ID",
"id_pp_no": "00000000",
"status": "verified",
"kyc_contact": "+254********6",
"message": {
"firstname": "unchecked",
"lastname": "unchecked",
"dob": "verified"
}
},
"pesaswap_id": "",
"has_paid_joining_fee": true,
"email_verified_at": "2025-05-31T10:08:23.000000Z",
"created_at": "2024-12-22T08:33:31.000000Z",
"updated_at": "2025-03-07T06:07:42.000000Z",
"membership_number": "1234567"
}The Basic Information section displays the user's basic information, including their first name, last name, and email address. Users can view this information but cannot edit it directly. Any changes to this information must be made through the platform's support team.
The Password section allows users to change their account password. Users can update their passwords by providing their current password and entering a new password. The platform enforces password strength requirements to ensure account security. The strength requirements include at least one number, one letter, one special character, and a minimum length of eight characters. Submitting the password change form triggers an API call to the /api:fH8MNGPq/user/reset_password endpoint, which runs the App\Http\Controllers\AccountSettings@resetPassword method to update the user's password.
public function resetPassword(Request $request)
{
$validator = \Validator::make($request->all(), [
'prev_password' => ['required', 'string'],
'new_password' => ['required', 'string'],
]);
if ($validator->fails()) {
return RespondWithError::make()->handle(
message: $validator->errors()->first(), payload: $validator->errors()->all(), status: 422
);
}
$user = Auth::user();
if ($user->login->type === 'email') {
if (!Auth::guard('web')->attempt(['email' => $user->email, 'password' => $request->input('prev_password')])) {
return RespondWithError::make()->handle(
code: RespondWithError::$ERROR_CODE_NOT_FOUND,
message: "This password does not match your previous password"
);
} elseif (Auth::guard('web')->attempt(['email' => $user->email, 'password' => $request->input('new_password')])) {
return RespondWithError::make()->handle(
code: RespondWithError::$ERROR_CODE_BAD_REQUEST,
message: "New Password same as old password"
);
}
ChangeUserPassword::make()->handle($user->id, $request->input('new_password'));
$message = "Update password was successful";
} else {
$message = "login type google";
}
return RespondWithSuccess::make()->handle($message);
}The resetPassword method validates the user's input, checks the current password, and updates the password if the validation passes. The method also handles different login types, such as email and Google OAuth, to ensure that the password change process is secure and user-friendly. The method also runs the App\Actions\Auth\ChangeUserPassword action to hash and update the user's password in the database.